New York Dept Financial Services Cyber Security Requirements: How do they affect you?

24% of all breaches in the past year affected financial organizations, according to the Verizon Data Breach Investigations Report (DBIR). While the federal government acknowledges the dangers of cyber threats to the finance sector, there are currently no federal regulations in place.

New York, home of Wall Street and the epicenter of the U.S. financial system, has created its own cyber security standards far superior to others in the country.

Will the NYDFS rules be effective at reducing cyber incidents?

Our president, Thomas Boyden, shared his thoughts with Business Insider, noting that without clear consequences for non-compliance, companies may not take the regulations seriously until they experience an incident. It’s also a misconception that compliance ensures security.

Achieving compliance is just the first step; building a program tailored to thwart the threats and vulnerabilities of your organization is also essential.

Does NYDFS apply to my organization?

The NYDFS Cybersecurity Regulation, also known as 23 NYCRR 500, is a set of cyber security requirements that pertain to all financial institutions.

These include all organizations that are DFS regulated as well as unregulated third-party providers spanning:

  • State-chartered banks
  • Private bankers
  • Foreign banks licensed to operate in New York
  • Lenders
  • Safe deposit companies
  • Mortgage companies
  • Insurance companies

There are some selective exemptions, such as employee count (fewer than 10) and annual revenue (less than $5 million gross). If you are unsure of your status, you can learn more here.

The regulations require that financial institutions comply by implementing a comprehensive cyber security program by August 28, 2017.

Key requirements include:

  • Designating a Chief Information Security Officer (CISO)
  • Implementing least privilege policies and multi-factor authentication
  • Notifying the NYDFS of cyber security incidents within 72 hours
  • Having incident response plans in place
  • Annual certification
  • Full set of regulations can be found here

How can I ensure compliance with New York cyber security regulations?

Our experts can help you get up to speed with the regulations.

In addition, we’ll make sure you’re not only compliant but protected from today’s and tomorrow’s threats.


Are you prepared to meet the NYDFS guidelines?

Contact us for a complimentary security assessment with our experts today.


See our contribution in the recent Business Insider article:

New York is quietly working to prevent a major cyber attack that could bring down the financial system